Blog Post

Cyber security has emerged as something that almost all power grid companies worry about and invest in, and entrepreneurs and startups are innovating to deliver new types of security solutions for the power grid. For example, an under the radar company called GridCOM Technologies tells us it’s developing a new tool based on quantum physics that could protect the grid from such digital security attacks.

Founded only last year, GridCOM’s technology uses something called quantum cryptography to generate codes using photons (tiny packets of light) that shield communications among a network of electronic equipment from the computers that control power transmission to smart meters. Quantum cryptography uses physics (instead of math like conventional encryption does) to secure cyber communications.

GridCOM’s approach is quite different from the conventional mathematically-based encryption methods traditional used to protect communications over the Internet, said Duncan Earl, co-founder and CTO of GridCOM and a former researcher in the Cyberspace Sciences and Information Intelligence Research group at the Oak Ridge National Laboratory. These conventional methods have worked fairly well and have been around long enough to be affordable, but they also don’t offer the speed and potency that some owners of sensitive energy data might want, Earl said.

The startup, based in Carlsbad near San Diego, recently raised a round of seed money from Ellis Energy Investment. Earl declined to disclose the amount but said Ellis is “committed to funding us for the next two years.”

Smart grid cyber threats

GridCOM is counting on a growing concern by utility executives over the security of their networks. Up until now, cybersecurity attacks on utility grids have been pretty rare. The grid hasn’t been vulnerable mainly because the computers and other equipment historically used by utilities have been mostly analog, not digital, and they have been designed with proprietary, customized technologies for each utility’s closed-off network.

The push to deploy smart grid technologies, however, is transforming the grid to include more digital devices with common technical standards and communication protocols. In addition, the reliance of the Internet for some of the network creates a vulnerability that didn’t exist before.

While utility executives are thinking more about cybersecurity these days, they don’t necessarily want to spend much money to enhance it, as this report by the U.S. Department of Energy pointed out. The report said evolving regulations on cybersecurity, which is a fairly new problem, also makes it difficult for utilities to draft and deploy good plans.

The secret security sauce

GridCOM’s core technology lies in the quantum server that will generate lots of “keys,” each of which is a string of 200 random bits of 0’s and 1’s that can encrypt a message very quickly. The startup’s customers will be able to download as many of those keys as necessary. The keys can work within 4 milliseconds, which is the amount of time that a utility’s machines will need to communicate with one another should there be an emergency on the grid, Earl said. Conventional encryption methods take longer and allow for a hacker to eavesdrop and disrupt the communications.

The source of the keys comes from what’s called “quantum entangled photons.” Say what? Well, when a light source goes through a crystal, it generates a pair of photons that are twins with polar opposite characteristics. Those photons share a bond called entanglement, which makes it difficult to distinguish them and figure out what message they have encrypted. To break that encryption, the hacker will have to figure out which photon has which characteristic. And the act of measuring a photon will in fact alert the quantum server of the intrusion.

Sounds hard to crack? The encryption and detection system is “nearly unbreakable,” says Earl. Each GridCom system is consisted of a quantum server, eight receivers and fiber optic lines. The startup plans to make money by charging a subscription fee, which in the near term would be $50 per device per month.

GridCOM still has to prove that its technology could do wonders in real life, though. Quantum cryptography has long been a subject of academic research, but it hasn’t been widely adopted. Using it for the typical email and Internet or even cellular communications is too expensive.

Those communications involve so many devices and high levels of data traffic that each network will need quite a few of quantum servers to generate tons and tons of keys, Earl said. Communications between machines in a power grid, on the other hand, happen less frequently. There are a handful of quantum cryptography companies out there, such as ID Quantique in Switzerland, Earl noted.

GridCOM is only in the early stages of developing its technology. It is now engineering the quantum servers and assembling them itself. The company aims to deploy a test network of 20-mile radius in the San Diego area by the end of this year. It would like to do a larger demonstration project with a first subscriber in 2014, Earl said. The company also plans to target the oil and gas industry.

Conventional encryption is not nearly as vulnerable to hacking as many sensational stories make it out to be. And quantum encryption is one of those gee-whiz sci-fi-type fads that sound cooler than it is practical yet.

I don’t think conventional encryption is very vulnerable, or else we’d have had more disruptions in our daily lives, given how dependent we are various communication networks. The issue is that when there is hacking, the consequences could be great (stolen personal information, sensitive industry data, etc.). So it’s like nuclear power generation: most of the time it works well. But when one power plant goes haywire, you could end up with lots of casualties.